Search

How can we help?

Icon

“Systematic Failings” on Data Protection leads to a £15,000 fine

Following on from the case reported last month on data protection (”Failing to anonymise – the cost”), a nursing home in Northern Ireland has received a fine of £15,000 from the Information Commissioner’s Office (“ICO”), following the burglary of the home of one of its staff members.

During the burglary, an unencrypted work laptop was stolen. The laptop contained sensitive personal data, including medical information, on the nursing home’s 29 residents (including “do not resuscitate” orders) and personal data on the 46 members of staff.

The ICO’s subsequent investigation found the nursing home had no policies in place regarding the use of encryption, working from home and the storage of mobile devices. Data security training was also found to be lacking. In issuing the fine, the ICO said there had been “systematic failings” at the nursing home.

The fine was issued despite the nursing home referring themselves to the ICO, no complaints being made by any of the staff or residents’ families and no confirmation that the information had been further disseminated. In determining the level of the fine, the nursing home received some credit for having self-reported its breach to the ICO.

The ICO’s subsequent investigation found the nursing home had no policies in place regarding the use of encryption, working from home and the storage of mobile devices.

The amount of the fine reflected the size of the business, with the ICO stating that a bigger organisation experiencing a similarly serious breach should expect to receive a much larger fine. The case therefore acts as a timely reminder that all businesses must take their legal duties to look after personal data seriously and should ensure adequate policies, procedures and equipment are in place.  Simply having a work laptop password protected will not fulfil this duty.

For useful data protection factsheets, checklists and templates, please visit employmentbuddy.com 

For further advice on how to protect your business against data protection and privacy claims, please contact our employment lawyers on employment@clarkslegal.com 

About this article

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

About this article

Read, listen and watch our latest insights

art
  • 10 April 2024
  • Employment

New Guidance: Confidence to Recruit

The new Government guide in collaboration with the CIPD aims to give employers the confidence to recruit its workforce from a wider range of people including those who may have been overlooked in the past as a problem rather than an asset.

art
  • 03 April 2024
  • Employment

FAQ’s on the new Carer’s Leave Act

Beginning on 6 April 2024, the Carer’s Leave Act comes into force, meaning carers are now entitled to request 1 week’s unpaid leave to care for their dependants.

art
  • 02 April 2024
  • Construction

UK housebuilders investigated over suspected exchanges of anti-competitive information

In 2022 the CMA was called upon by the Secretary of State for the Department for Levelling Up, Housing & Communities to conduct a study into the housebuilding sector and provide recommendations on how the sector can operate as efficiently as possible

art
  • 28 March 2024
  • Corporate and M&A

Legal perspectives on ESG and director duties

In today’s rapidly changing business landscape, the concept of ESG factors has emerged as a guiding framework for companies seeking to thrive in the long term.

art
  • 27 March 2024
  • Commercial Real Estate

5 key considerations when taking on a lease of a pub property

Taking on a pub property can be both exciting and daunting. Here are 5 key considerations that pub tenants should consider when taking on this new venture.

art
  • 26 March 2024
  • Employment

Navigating Neuroinclusion: A Guide for Employers

Over the past few years, we have seen a marked rise in awareness of neurodiversity, as well as campaigns for awareness and inclusion in the workplace for neurodiverse employees.